doctorow at July 27th, 2013 22:44 — #1
jake0748 at July 27th, 2013 22:59 — #2
So, on the one hand, the UK court spurns the help of good-guy hackers. On the other hand, we are talking about luxury cars, bought and owned by very rich people. Fuck them. Their insurance will take care of it anyway.
miasm at July 27th, 2013 23:32 — #3
Because stopping someone speaking in public in one particular instance stops any information on the topic ever being disseminated.
Of the few people I do know in the legal profession, the trend is that they think quite highly of their intellects and rightly so.
The maturation process wherein it ages into total and absolute capitulation to obscene power must happen later in life.
nixiebunny at July 27th, 2013 23:42 — #4
So instead of some obscure technical talk at a security conference, the subject will be discussed in the mainstream press as a censorship issue. Good planning, VW.
mrmark at July 27th, 2013 23:42 — #5
Welcome to the new millennium where security consists of sticking your fingers in your ears and going "nah nah I can't hear you!!!"
jake0748 at July 27th, 2013 23:54 — #6
Yay Internets and series of tubes! Info continues to slip through the greasy fingers of evil people.
miasm at July 28th, 2013 00:03 — #7
Won't somebody think of... blaming it on terrorists!
phasmafelis at July 28th, 2013 01:10 — #8
I'm not clear on two things: would the presentation make it significantly easier for a criminal to break into a car, and did Garcia give Volkswagen time to do the right thing beforehand? Those'll make a big difference.
fuzzyfungus at July 28th, 2013 01:33 — #9
In the world of utterly-crap proprietary crypto systems that get baked into hardware(see also many of the MIFARE variants from NXP), the trouble is that 'time to do the right thing' might be measured in years, probably several of them.
This isn't the (awful; but at least reasonably agile) world of software bugs and patches, where 6 months is a long time. This is something that gets burned into a zillion ASICs that get stamped into a bunch of keyless entry systems that will remain with cars until either their retirement or a truly epic recall, in favor of an alternative that probably hasn't been developed yet.
actionabe at July 28th, 2013 01:51 — #10
Which is why VW should be held to high standard, before thousands of defective cars become millions.
actionabe at July 28th, 2013 01:53 — #11
They should give it to an American. Or maybe just leave it lying around where a sneaky Frenchman or German can stumble upon it.
fuzzyfungus at July 28th, 2013 02:02 — #12
Oh, please don't get me wrong: I'm not taking VW's side on this one, just arguing that the 'enough time for the vendor to do something' is really a concept born of, and applicable to, the world of software running on general purpose computers.
It's still impolite to hide defects from vendors of such baked-into-hardware systems as this; but where "responsible disclosure" in even its most supine, vendor-friendly, form means maybe 6-8months on the PC side, it would mean probably 10 years on the hardware-embedded side.
My contention would be that, under those circumstances, it isn't a very useful standard. Also, in the specific context of cars, the owners of the cars really ought to know as soon as possible, lest Team Insurance try the old 'Nope, that system is unhackable, if your car was stolen you must have been negligent!' line. (see also 'Chip and Pin' bank liability controversy)
fnordius at July 28th, 2013 02:14 — #13
I am curious as to whether the court's injunction only applies to Prof. Garcia and the University of Birmingham, or rather if his colleagues in Nijmegen would be free to go through Dutch channels and release the paper as a translation from the original Dutch.
greggman at July 28th, 2013 03:28 — #14
It sounds like researchers need to stop giving notice about what they are going to speak about before they speak about it. Imagine if Newspapers said "In a week we're going to tell you about how the NSA is spying on you". If they did that I'm sure some government officials would try to find a way to bar the newspaper from disclosing the info.
fuzzyfungus at July 28th, 2013 03:48 — #15
You don't need to imagine: just think back to when the NYT decided to sit, for at least a year (and an election) on their little illegal warrantless wiretapping story. Been there, done that, bought the dystopian surveillance state.
So, yeah, if you plan to displease the powerful, don't spoil the element of surprise.
boundegar at July 28th, 2013 04:23 — #16
What? When did the mainstream press ever ever discuss censorship issues? Ever?
I would almost suspect an ulterior motive, if only there was a multi-billion pound breaking-into-cars industry. But then Garcia would have had an unfortunate accident, instead of a court order.
davolente at July 28th, 2013 04:46 — #17
I'm surprised it was Judge Birss who did this. Thought he was one of the more technically literate and sensible of the UK judiciary after slapping down THAT law firm for speculative invoicing.
kenmce at July 28th, 2013 07:24 — #18
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
Well, the software has been available to the public for three years now. I assume someone at VW knew it was out there, and if they wanted to know, that this could lead to its failure. Three years is usually enough time to do a recall campaign.
minnesotafats at July 28th, 2013 09:20 — #19
There's a very simple way to hold VW to a high standard. Don't buy their product.
dennisarmstrong at July 28th, 2013 09:56 — #20
Very simple? Very simplistic.
next page →